What can be done about WebRTC issues?

Recent reports from our users have brought to light a security hole that can reveal your IP address to websites through WebRTC. WebRTC was originally developed to aid certain types of connections between browsers without the need for an additional plugin. The 'RTC' in WebRTC stands for Real-Time-Communication, and the API directory is used for voice calls, video chats, and p2p file sharing. Suspicions that WebRTC could be used to discover a user’s local IP, even under the presence of a VPN, have been around since 2013.

Since WebRTC uses javascript requests to get your IP address, users of NoScript or similar services will not leak their IP addresses.

Note: This is a BROWSER issue, not a VPN problem, and not unique to our service.

If you are using a VPN or a Proxy and you would like to test this WebRTC Local IP leak, you can visit this page.

Google Chrome users should download this browser extension (WebRTC Network Limiter) add-on that will block WebRTC. Users can also use this browser extension (ScriptSafe) add-on, this extension stops any web pages from running any scripts, including WebRTC.  

Opera users can download a plugin that will allow them to download and use Google Chrome add-ons.

Firefox users can actually turn off the default WebRTC functionality directly in Firefox settings by typing 'about:config' into the search bar and browsing to the 'media.peerconnection.enabled' option and setting it to FALSE.

Users of Canary, Nightly, and Browser are also vulnerable to this IP leak. However, the local IP address leak should not affect Internet Explorer or Safari users unless they have manually added WebRTC themselves.

Have more questions? Submit a request